A hacker group called “Librarian Ghouls” is hijacking computers in Russia. They’re using the infected machines to mine cryptocurrency. Security company Kaspersky tracked the activity.
A hacker group known as the “Librarian Ghouls” is hijacking Russian computers to secretly mine cryptocurrency. The hacking group, also called “Rare Werewolf,” has already compromised hundreds of systems, mainly in industrial companies and tech schools. The cyberattack campaign began in December 2024 and is still ongoing.
Security researchers at Kaspersky tracked the activity. According to Kaspersky’s report, the hackers trick users with fake emails that look like official documents or payment notices. These emails carry hidden malware. Once opened, the malware lets hackers take control of the computer.
Once a computer is infected, the hackers take control. They disable security tools like Windows Defender. The malware also makes the computer turn on at 1 am and shut down at 5 am. Hackers use this time to work undetected.

Kaspersky believes this timing helps hide the hack from the device owner. The group steals login credentials during these hours. They also check the computer’s hardware – like RAM and CPU – to set up the crypto miner efficiently.
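The 1 am power-on and 5 am shutdown described above leave a trace defenders can hunt for in Windows System log power events. The following is an added detection example, not code from Kaspersky's report or this article; the export format (host, timestamp, provider, event ID), the host names, the 10-minute tolerance and the three-night threshold are all assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, time

# (provider, event ID) pairs from the Windows System log mapped to a power transition.
POWER_EVENTS = {
    ("EventLog", 6005): "on",    # event log service started (boot)
    ("Microsoft-Windows-Power-Troubleshooter", 1): "on",  # resumed from sleep
    ("EventLog", 6006): "off",   # event log service stopped (clean shutdown)
    ("User32", 1074): "off",     # shutdown initiated by a process or user
}

# Constructed sample export, not real telemetry: host,timestamp,provider,event_id
SAMPLE = """\
WS-014,2025-03-10T01:00:41,Microsoft-Windows-Power-Troubleshooter,1
WS-014,2025-03-10T05:00:03,User32,1074
WS-014,2025-03-10T08:47:10,EventLog,6005
WS-014,2025-03-11T01:01:12,EventLog,6005
WS-014,2025-03-11T05:00:05,User32,1074
WS-014,2025-03-12T01:00:38,EventLog,6005
WS-014,2025-03-12T05:00:09,EventLog,6006
WS-022,2025-03-10T08:55:20,EventLog,6005
WS-022,2025-03-10T18:05:44,User32,1074
WS-031,2025-03-11T01:03:00,EventLog,6005
WS-031,2025-03-11T04:58:30,User32,1074
"""

def minutes_from(ts, target):
    """Absolute distance in minutes between a timestamp and a time of day."""
    return abs((ts.hour * 60 + ts.minute) - (target.hour * 60 + target.minute))

def night_window_hosts(export, on_at=time(1, 0), off_at=time(5, 0),
                       tolerance_min=10, min_days=3):
    """Return {host: [dates]} for hosts that powered on near on_at and off near
    off_at on the same date, on at least min_days separate dates."""
    days = defaultdict(lambda: defaultdict(set))  # host -> date -> {"on", "off"}
    for host, stamp, provider, event_id in csv.reader(io.StringIO(export)):
        kind = POWER_EVENTS.get((provider, int(event_id)))
        if kind is None:
            continue  # not a power transition we track
        ts = datetime.fromisoformat(stamp)
        if minutes_from(ts, on_at if kind == "on" else off_at) <= tolerance_min:
            days[host][ts.date()].add(kind)
    flagged = {}
    for host, by_date in days.items():
        hits = sorted(d.isoformat() for d, k in by_date.items() if k == {"on", "off"})
        if len(hits) >= min_days:  # a single odd night is more likely maintenance
            flagged[host] = hits
    return flagged
```

A flagged host is only a lead: confirm what woke the machine and what issued the shutdown before treating it as compromised.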
The miner runs while connected to a mining pool. It sends requests every 60 seconds. Kaspersky notes the hackers keep improving their methods. This includes stealing data and using more remote access tools.
This campaign started in December 2023 and continues. It hit hundreds of Russian users. Targets include industrial companies and engineering schools. Some victims are also in Belarus and Kazakhstan.
The phishing emails are written in Russian. Files and documents inside are also in Russian. This strongly points to Russian speakers as the main targets.
Kaspersky suggests Librarian Ghouls might be “hacktivists.” Hacktivists use hacking for political causes. The group relies heavily on legitimate third-party software instead of building their own malicious tools. This technique is common among hacktivist groups.